Updated verify-signatures middleware to handle testnet and mainnet

Author: otobongfp

docker-compose.yml

@@ -26,8 +26,8 @@ services:
       interval: 30s
       timeout: 10s
       retries: 5
-    # ports:
-    #   - '5672:5672'
+    ports:
+      - '5672:5672'
 
   redis:
     container_name: redis
@@ -39,8 +39,8 @@ services:
       interval: 30s
       timeout: 10s
       retries: 5
-    # ports:
-    #   - '6379:6379'
+    ports:
+      - '6379:6379'
 
 volumes:
   relay-storage:

package-lock.json

@@ -24,16 +24,16 @@
   },
   "dependencies": {
     "@aws-sdk/client-s3": "^3.504.0",
-    "@ltonetwork/http-message-signatures": "^0.1.11",
-    "@ltonetwork/lto": "^0.15.16",
+    "@ltonetwork/http-message-signatures": "^0.1.12",
+    "@ltonetwork/lto": "^0.16.6",
     "@nestjs/axios": "^3.0.0",
     "@nestjs/common": "^9.0.0",
     "@nestjs/core": "^9.0.0",
     "@nestjs/platform-express": "^9.0.0",
     "@nestjs/swagger": "^6.3.0",
     "amqplib": "^0.10.3",
     "any-bucket": "^0.1.6",
-    "axios": "^1.6.8",
+    "axios": "^1.7.7",
     "boolean": "^3.2.0",
     "connection-string": "^4.3.6",
     "convict": "^6.2.4",

package.json

@@ -7,26 +7,16 @@ import { DispatcherModule } from './dispatcher/dispatcher.module';
 import { QueueModule } from './queue/queue.module';
 import { InboxModule } from './inbox/inbox.module';
 import { VerifySignatureMiddleware } from './common/http-signature/verify-signature.middleware';
-import { InboxController } from './inbox/inbox.controller';
 
 export const AppModuleConfig = {
   imports: [ConfigModule, RabbitMQModule, QueueModule, DispatcherModule, InboxModule],
   controllers: [AppController],
   providers: [AppService],
 };
 
-// @Module(AppModuleConfig)
-// export class AppModule {
-//   configure(consumer: MiddlewareConsumer) {
-//     consumer.apply(VerifySignatureMiddleware).forRoutes(InboxController);
-//   }
-// }
-
 @Module(AppModuleConfig)
 export class AppModule {
   configure(consumer: MiddlewareConsumer) {
-    consumer
-      .apply(VerifySignatureMiddleware)
-      .forRoutes({ path: 'inboxes/:address/:hash', method: RequestMethod.DELETE });
+    consumer.apply(VerifySignatureMiddleware).forRoutes({ path: 'inboxes/*', method: RequestMethod.ALL });
   }
 }

src/app.module.ts

@@ -169,10 +169,6 @@ export class ConfigService {
     return this.config.get(`lto.${this.networkName(network)}.node`);
   }
 
-  getNetworkId(): string {
-    return this.config.get('lto.networkId');
-  }
-
   getDidResolver(network: 'mainnet' | 'testnet' | 'L' | 'T'): string {
     return this.config.get(`lto.${this.networkName(network)}.did_resolver`);
   }

src/common/config/config.service.ts

@@ -1,22 +1,26 @@
 import { Injectable, NestMiddleware } from '@nestjs/common';
 import { NextFunction, Request, Response } from 'express';
-import { LTO } from '@ltonetwork/lto';
+import { LTO, getNetwork } from '@ltonetwork/lto';
 import { verify } from '@ltonetwork/http-message-signatures';
-import { ConfigService } from '../config/config.service';
 
+export const lto = new LTO();
 @Injectable()
 export class VerifySignatureMiddleware implements NestMiddleware {
-  private readonly lto: LTO;
+  private lto: LTO;
 
-  constructor(private readonly config: ConfigService) {
-    const networkID = this.config.getNetworkId();
-    this.lto = new LTO(networkID);
+  constructor() {
+    this.lto = new LTO();
   }
 
-  async verify(req: Request, res: Response): Promise<boolean> {
+  async verifyRequest(req: Request, res: Response): Promise<boolean> {
     try {
-      const fullUrl = `${req.protocol}://${req.get('host')}${req.originalUrl}`;
-      req.url = fullUrl;
+      const path = req.path;
+      const walletAddress = path.match(/3[^\/]*/)?.[0];
+      const network = getNetwork(walletAddress);
+
+      //switch to testnet if address is testnet
+      if (network == 'T') this.lto = new LTO(network);
+
       const account = await verify(req, this.lto);
       req['signer'] = account;
     } catch (err) {
@@ -27,7 +31,7 @@ export class VerifySignatureMiddleware implements NestMiddleware {
   }
 
   async use(req: Request, res: Response, next: NextFunction): Promise<void> {
-    if ('signature' in req.headers && !(await this.verify(req, res))) return;
+    if ('signature' in req.headers && !(await this.verifyRequest(req, res))) return;
     next();
   }
 }

src/common/http-signature/verify-signature.middleware.ts

@@ -126,10 +126,6 @@ export default {
     },
   },
   lto: {
-    networkId: {
-      default: 'L',
-      env: 'NETWORK_ID',
-    },
     testnet: {
       node: {
         doc: 'LTO testnet node url',

src/config/schema.ts

@@ -27,13 +27,28 @@ export class InboxController {
   @ApiParam({ name: 'address', description: 'Address to get inbox for' })
   @ApiQuery({ name: 'type', description: 'Type of messages to get', required: false })
   @ApiProduces('application/json')
-  async list(@Param('address') address: string, @Query('type') type?: string): Promise<MessageSummery[]> {
+  async list(
+    @Signer() signer: Account,
+    @Param('address') address: string,
+    @Query('type') type?: string,
+  ): Promise<MessageSummery[]> {
+    if (signer.address !== address) {
+      throw new ForbiddenException({ message: 'Unauthorized: Invalid signature for this address' });
+    }
     return this.inbox.list(address, type);
   }
 
   @Get('/:address/:hash')
   @ApiProduces('application/json')
-  async get(@Param('address') address: string, @Param('hash') hash: string): Promise<Message> {
+  async get(
+    @Param('address') address: string,
+    @Param('hash') hash: string,
+    @Signer() signer: Account,
+  ): Promise<Message> {
+    if (signer.address !== address) {
+      throw new ForbiddenException({ message: 'Unauthorized: Invalid signature for this address' });
+    }
+
     if (!(await this.inbox.has(address, hash))) {
       throw new NotFoundException({ message: 'Message not found' });
     }

src/inbox/inbox.controller.ts

@@ -1234,13 +1234,15 @@
     "@jridgewell/resolve-uri" "^3.0.3"
     "@jridgewell/sourcemap-codec" "^1.4.10"
 
-"@ltonetwork/http-message-signatures@^0.1.11":
-  version "0.1.11"
-  resolved "https://registry.npmjs.org/@ltonetwork/http-message-signatures/-/http-message-signatures-0.1.11.tgz"
-  integrity sha512-8pFdYvR1oL5W1tQwYhryvOImE89dwRAdalnYvM4L7LrN/SYYI6ub/oLDtgpsqwZXtoX5SOP8bh2l79Un06BMVQ==
+"@ltonetwork/http-message-signatures@^0.1.12":
+  version "0.1.12"
+  resolved "https://registry.npmjs.org/@ltonetwork/http-message-signatures/-/http-message-signatures-0.1.12.tgz"
+  integrity sha512-bk7BemlROclcdXu5ISTKjPeRstJoqWefh6Bvr1q6XaX+KyKgLuKeCSYOKRyBBJ8P/E+tq9toBUIlMRLvW5J9KQ==
 
-"@ltonetwork/lto@^0.15.16":
-  version "0.15.16"
+"@ltonetwork/lto@^0.16.6":
+  version "0.16.6"
+  resolved "https://registry.npmjs.org/@ltonetwork/lto/-/lto-0.16.6.tgz"
+  integrity sha512-TFCgPdN5UPUpXz1OKdM66WBnzXxQdwpvWczp0dvaFhJgZ2WpeXIMVIcwZRJtyApEJD7xhW5SOatDlfWs6YMTfQ==
   dependencies:
     "@noble/curves" "^1.0.0"
     "@noble/hashes" "^1.3.0"
@@ -2280,8 +2282,10 @@ async@^3.2.3:
 asynckit@^0.4.0:
   version "0.4.0"
 
-axios@^1.3.1, axios@^1.6.8:
-  version "1.7.2"
+axios@^1.3.1, axios@^1.7.7:
+  version "1.7.7"
+  resolved "https://registry.npmjs.org/axios/-/axios-1.7.7.tgz"
+  integrity sha512-S4kL7XrjgBmvdGut0sN3yJxqYzrDOnivkBiN0OFs6hLiUam3UPvswUo0kqGyhqUZGEOytHyumEdXsAkgCOUf3Q==
   dependencies:
     follow-redirects "^1.15.6"
     form-data "^4.0.0"